HOW TO VIEW AND RECOVER DUMP FILES ON PC πŸ™€πŸ™€

by


Contents hide
I. Overview
II. Opening Memory Dump Files
    This article discusses how to retrieve memory dump files for diagnostic use in cases where protected machines crash shortly after a Datto Windows Agent install.

Overview

There are three types of memory dump. 

  • Complete memory dump: The complete contents of physical memory at the time of the crash. This is the most useful and informative, and the ideal option for troubleshooting these crashes.
  • Automatic/Kernel memory dump: Does not contain user-mode process information, but still populates useful information in a system crash. Smaller than the complete dump.
  • Small memory dump (minidump): 64 KB in size for x86 systems; 128 KB on x64 systems. Contains stop code, parameters, loaded device driver list, current process and thread info, and kernel stack info for the thread that caused the system crash. These can provide some helpful information as to the cause of crashes, but may not be as useful as larger options.

Directions

For Windows 2003 and XP, the page file needs to be on the boot volume of the system to create a memory dump.


1. Click Start, right-click My Computer, and select Properties (If this is a Windows 8/10 based OS, from the directory panel on the left, select the File Explorer. Right-click the This PC icon, then click Properties).
2. In System Properties, click Advanced.
HOW TO VIEW AND RECOVER DUMP FILES ON PC πŸ™€πŸ™€
Pishaw 2: click Advanced system settings
3. In Startup and Recovery, click Settings.
HOW TO VIEW AND RECOVER DUMP FILES ON PC πŸ™€πŸ™€


Pishaw 3: Click Settings in Startup and Recovery.
4. The dump file options are in the Write debugging information section.
HOW TO VIEW AND RECOVER DUMP FILES ON PC πŸ™€πŸ™€
Pishaw 4: Select the memory dump type
5. The memory dump file is typically located in %SystemRoot%MEMORY.DMP
    The system root is typically C:WindowsSystem32.
    If the system is configured for minidump, the default location folder is %SystemRoot%Minidump.
These files can be several gigabytes in size, too large to attach to a ticket. You can use Datto Drive to upload the memory dump to a shareable folder.

Opening Memory Dump Files

Standard text editors will not open .dmp files properly. Download and install the Windows Driver Kit for Windows 10.
After installing WDK for Windows 10:
  • Open the Start menu
  • type windbg.exe.
  • Click File and select Open Crash Dump.
  • Browse to the .dmp file you wish to analyze
  • Click Open.
The file will load with viewable contents. 
Share and support us!
Join us for more πŸ‘‡πŸ‘‡
@LegitDroidPhoneHack
Don’t forget to share.
Join

Leave a Comment